Introduction

In the days following the Sept. 11 attack on the World Trade Center in New York City, The Bank of New York Co.'s securities settlement system, through which fully half of the trading in U.S. Treasuries moves, was in large measure silenced for nearly a week. It wasn't that the bank's backup systems, mostly redundant hardware and software, didn't work. Nor was it a matter of the systems being too close to Ground Zero. Instead, the problem was that BONY's backup sites were now suddenly compelled to communicate with many of its customers' own backup technology. Dozens and dozens of new electronic relationships had to be forged. Astonishingly, the links between these computers couldn't handle anywhere near the capacity needed to carry the data load; what's more, the backup systems were rife with bugs, the legacy of neglect and ill-conceived testing.

As with so much of the fallout from the Trade Center attack, the lesson BONY learned was an expensive one. The bank reported in October that system failures and loss of business related to the disaster shaved third-quarter earnings by fully 37 percent, or $140 million. And that figure doesn't even begin to address the hundreds of millions of dollars in lost trades for the bank's customers while the communications systems sat idle.

What makes the Bank of New York case so telling is that in smaller and less publicized versions, virtually every company affected by the events in lower Manhattan (and that includes businesses operating as far away as Silicon Valley that couldn't get the raw materials they needed to produce their products) found itself facing similar operational setbacks. Companies have spent millions on contingency plans, disaster recovery schemes and risk management techniques only to discover that in the face of a real catastrophe, they simply hadn't planned for the worst.

In one of the few detailed surveys of corporate vulnerability to major unexpected disasters, Comdisco Inc. found in 1999 that 30 percent of 200 of the largest U.S. companies had no business continuity plans in place. It hasn't changed much since then, says Gartner Inc. security analyst Roberta Witty: "Attention to rare and unlikely risks is not something that company management does well. The crisis of the day always gets priority."

Not anymore. The terrorist attacks of Sept. 11 are forcing companies large and small to rethink their risk strategies, and to develop new approaches that could transform not only how businesses organize their planning, but how they are structured from top to bottom. "Corporate risk management has been based on history and probability, and on defending against a recurrence of what has already occurred," says Ian I. Mitroff, director of the University of Southern California Center for Crisis Management. "Now, after the World Trade Center, we've learned that there is no limit to the unthinkable and that the unthinkable is what we actually have to protect ourselves from."

Companies have been scrambling to re-evaluate almost every facet of how they manage risk and plan for disasters. This, in turn, is inspiring an unexpected sea change in how the modern corporation operates. Everything is being reconsidered, from employee surveillance and trust to calculating returns on security measures, the appropriate level of network protection, inventory levels, safeguarding key brands, quickly installing new technologies and identifying the corporation's top priorities.